=====================
= End-of-Day report =
=====================

Timeframe:   Monday 28-12-2020 18:00 - Tuesday 29-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================
*** Video: Scams on Facebook, WhatsApp, Instagram and co. ***
---------------------------------------------
Subscription traps, phishing messages or dubious advertisements: on Facebook, WhatsApp, Instagram and co. you run into all kinds of scams. In the video we show you what to look out for so you can use social media safely.
---------------------------------------------
https://www.watchlist-internet.at/news/video-betrugsmaschen-auf-facebook-wha...

*** Useful Sources of Domain and DNS Logging ***
---------------------------------------------
The final part of this blog series on log collection covers Managed DNS Providers, Packet Capture, IDS/IPS Tools, Mail Exchange, IIS Servers, and more. Learn about these log sources and explore the next steps for ideas beyond logging.
---------------------------------------------
https://www.domaintools.com/resources/blog/useful-sources-of-domain-and-dns-...

*** Using Microsoft 365 Defender to protect against Solorigate ***
---------------------------------------------
This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it's found in your environment.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defen...
*** Want to know what's in a folder you don't have permission to access? Try asking your AV solution..., (Tue, Dec 29th) ***
---------------------------------------------
Back in February, I wrote a diary about a small vulnerability in Windows, which allows users to brute-force names of files in folders which they don't have permission to open/list[1]. While thinking on the topic, it occurred to me that a somewhat-complete list of files placed in a folder one can't access due to lack of permissions might potentially be obtained by scanning the folder with an anti-malware solution which displays files that are currently being scanned.
---------------------------------------------
https://isc.sans.edu/diary/rss/26932

*** A Google Docs Bug Could Have Allowed Hackers to See Your Private Documents ***
---------------------------------------------
Google has patched a bug in its feedback tool, incorporated across its services, that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, who was awarded $3133.70 for it as part of Google's Vulnerability Reward Program.
---------------------------------------------
https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html

*** SearchDimension search hijackers: An overview of developments ***
---------------------------------------------
The SearchDimension family of search hijackers has made some headway over the past year. Here's an overview of their latest tricks.
---------------------------------------------
https://blog.malwarebytes.com/adware/2020/12/searchdimension-search-hijacker...
=====================
=  Vulnerabilities  =
=====================

*** ZDI-20-1453: Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1453/

*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp).
---------------------------------------------
https://lwn.net/Articles/841436/

*** Synology-SA-20:29 SRM ***
---------------------------------------------
A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_29
*** procps-ng vulnerability CVE-2018-1126 ***
---------------------------------------------
https://support.f5.com/csp/article/K83271321

*** procps-ng vulnerability CVE-2018-1124 ***
---------------------------------------------
https://support.f5.com/csp/article/K16124204

*** procps-ng vulnerability CVE-2018-1122 ***
---------------------------------------------
https://support.f5.com/csp/article/K00409335
*** Webmin: Vulnerability allows unspecified attack ***
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1269

*** HCL Domino: Vulnerability allows denial of service ***
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1271